diff options
Diffstat (limited to 'jstests/ssl/ssl_with_system_ca.js')
-rw-r--r-- | jstests/ssl/ssl_with_system_ca.js | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/jstests/ssl/ssl_with_system_ca.js b/jstests/ssl/ssl_with_system_ca.js index 570f55c1424..10c4c3ae2b3 100644 --- a/jstests/ssl/ssl_with_system_ca.js +++ b/jstests/ssl/ssl_with_system_ca.js @@ -5,50 +5,50 @@ // To install trusted-ca.pem for local testing on OSX, invoke the following at a console: // security add-trusted-cert -d jstests/libs/trusted-ca.pem (function() { - 'use strict'; +'use strict'; - const HOST_TYPE = getBuildInfo().buildEnvironment.target_os; - if (HOST_TYPE == "windows") { - // OpenSSL backed imports Root CA and intermediate CA - runProgram( - "certutil.exe", "-addstore", "-user", "-f", "CA", "jstests\\libs\\trusted-ca.pem"); +const HOST_TYPE = getBuildInfo().buildEnvironment.target_os; +if (HOST_TYPE == "windows") { + // OpenSSL backed imports Root CA and intermediate CA + runProgram("certutil.exe", "-addstore", "-user", "-f", "CA", "jstests\\libs\\trusted-ca.pem"); - // SChannel backed follows Windows rules and only trusts the Root store in Local Machine and - // Current User. - runProgram("certutil.exe", "-addstore", "-f", "Root", "jstests\\libs\\trusted-ca.pem"); - } + // SChannel backed follows Windows rules and only trusts the Root store in Local Machine and + // Current User. + runProgram("certutil.exe", "-addstore", "-f", "Root", "jstests\\libs\\trusted-ca.pem"); +} - function testWithCerts(prefix) { - jsTest.log(`Testing with SSL certs $ { +function testWithCerts(prefix) { + jsTest.log( + `Testing with SSL certs $ { clientPem connecting to serverPem }`); - // allowSSL to get a non-SSL control connection. - const conn = MongoRunner.runMongod( - {sslMode: 'allowSSL', sslPEMKeyFile: 'jstests/libs/' + prefix + 'server.pem'}); - - let argv = [ - './mongo', - '--ssl', - '--port', - conn.port, - '--sslPEMKeyFile', - 'jstests/libs/' + prefix + 'client.pem', - '--eval', - ';' - ]; - - if (HOST_TYPE == "linux") { - // On Linux we override the default path to the system CA store to point to our - // "trusted" CA. On Windows, this CA will have been added to the user's trusted CA list - argv.unshift("env", "SSL_CERT_FILE=jstests/libs/trusted-ca.pem"); - } - - const exitCode = runMongoProgram.apply(null, argv); - MongoRunner.stopMongod(conn); - return exitCode; + // allowSSL to get a non-SSL control connection. + const conn = MongoRunner.runMongod( + {sslMode: 'allowSSL', sslPEMKeyFile: 'jstests/libs/' + prefix + 'server.pem'}); + + let argv = [ + './mongo', + '--ssl', + '--port', + conn.port, + '--sslPEMKeyFile', + 'jstests/libs/' + prefix + 'client.pem', + '--eval', + ';' + ]; + + if (HOST_TYPE == "linux") { + // On Linux we override the default path to the system CA store to point to our + // "trusted" CA. On Windows, this CA will have been added to the user's trusted CA list + argv.unshift("env", "SSL_CERT_FILE=jstests/libs/trusted-ca.pem"); } - assert.neq(0, testWithCerts(''), 'Certs signed with untrusted CA'); - assert.eq(0, testWithCerts('trusted-'), 'Certs signed with trusted CA'); + const exitCode = runMongoProgram.apply(null, argv); + MongoRunner.stopMongod(conn); + return exitCode; +} + +assert.neq(0, testWithCerts(''), 'Certs signed with untrusted CA'); +assert.eq(0, testWithCerts('trusted-'), 'Certs signed with trusted CA'); })(); |